Total
3853 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-1117 | 1 Openbi | 1 Openbi | 2024-08-01 | 7.3 High |
| A vulnerability was found in openBI up to 1.0.8. It has been declared as critical. Affected by this vulnerability is the function index of the file /application/index/controller/Screen.php. The manipulation of the argument fileurl leads to code injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252475. | ||||
| CVE-2024-1015 | 1 Se-elektronicgmbh | 2 E-ddc3.3, E-ddc3.3 Firmware | 2024-08-01 | 9.8 Critical |
| Remote command execution vulnerability in SE-elektronic GmbH E-DDC3.3 affecting versions 03.07.03 and higher. An attacker could send different commands from the operating system to the system via the web configuration functionality of the device. | ||||
| CVE-2024-0521 | 1 Paddlepaddle | 1 Paddle | 2024-08-01 | 7.8 High |
| Code Injection in paddlepaddle/paddle | ||||
| CVE-2024-0325 | 1 Perforce | 1 Helix Sync | 2024-08-01 | 3.6 Low |
| In Helix Sync versions prior to 2024.1, a local command injection was identified. Reported by Bryan Riggins. | ||||
| CVE-2024-0196 | 1 Ssssssss | 1 Magic-api | 2024-08-01 | 6.3 Medium |
| A vulnerability has been found in Magic-Api up to 2.0.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /resource/file/api/save?auto=1. The manipulation leads to code injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249511. | ||||
| CVE-2024-0195 | 1 Ssssssss | 1 Spider-flow | 2024-08-01 | 6.3 Medium |
| A vulnerability, which was classified as critical, was found in spider-flow 0.4.3. Affected is the function FunctionService.saveFunction of the file src/main/java/org/spiderflow/controller/FunctionController.java. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249510 is the identifier assigned to this vulnerability. | ||||
| CVE-2024-0252 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2024-08-01 | 8.8 High |
| ManageEngine ADSelfService Plus versions 6401 and below are vulnerable to the remote code execution due to the improper handling in the load balancer component. Authentication is required in order to exploit this vulnerability. | ||||
| CVE-1999-0891 | 1 Microsoft | 1 Internet Explorer | 2024-08-01 | N/A |
| The "download behavior" in Internet Explorer 5 allows remote attackers to read arbitrary files via a server-side redirect. | ||||
| CVE-1999-0702 | 1 Microsoft | 1 Internet Explorer | 2024-08-01 | N/A |
| Internet Explorer 5.0 and 5.01 allows remote attackers to modify or execute files via the Import/Export Favorites feature, aka the "ImportExportFavorites" vulnerability. | ||||
| CVE-1999-0491 | 1 Gnu | 1 Bash | 2024-08-01 | N/A |
| The prompt parsing in bash allows a local user to execute commands as another user by creating a directory with the name of the command to execute. | ||||
| CVE-1999-0509 | 2024-08-01 | N/A | ||
| Perl, sh, csh, or other shell interpreters are installed in the cgi-bin directory on a WWW site, which allows remote attackers to execute arbitrary commands. | ||||
| CVE-2007-6678 | 2023-11-07 | N/A | ||
| DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-6167. Reason: This candidate is a duplicate of CVE-2007-6167. Notes: All CVE users should reference CVE-2007-6167 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | ||||
| CVE-2023-33426 | 2023-05-24 | 9.8 Critical | ||
| A vulnerability was found in Apache RocketMQ where, under certain conditions, there is a risk of remote command execution. Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification. This flaw allows an attacker to use the update configuration function to execute commands as the system users that RocketMQ is running as. | ||||